VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-Cart StoreFront Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 SQL Injection
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Starting Member

1 Posts

Posted - October 26 2009 :  13:51:31  Show Profile  Visit geneseewaterways's Homepage  Reply with Quote
Recently recovered from a SQL injection. Check the update patches and we were up to date. Is there a known back door that allows this to happen and is there a patch coming to fix it or is there anything I can do to close the security hole?


4284 Posts

Posted - October 26 2009 :  15:26:30  Show Profile  Visit support's Homepage  Reply with Quote
Hi there,

You should also check any custom coding to ensure all database calls are cleansed.

VPASP is as far as we know completely secure so if you have installed all patches then the culprit can only be custom coding.

Depending on what method of entry the hackers are using you may also want to look for any suspicious files on the server as well.

Hope this helps.


VPASP Support
Go to Top of Page

VP-ASP Expert

590 Posts

Posted - October 26 2009 :  15:48:25  Show Profile  Reply with Quote
Good advice Cam.

Just to clarify,when you say "cleanse" do you mean something like this:


Sex toys from a UK sex shop including vibrators and dildos.
Go to Top of Page


4284 Posts

Posted - October 27 2009 :  06:01:10  Show Profile  Visit support's Homepage  Reply with Quote
Hello Steve,

Yes you are correct. Simply add cleanchars() and it should cleanse the request.

VP-ASP Support
Go to Top of Page

Starting Member

15 Posts

Posted - January 04 2010 :  02:42:52  Show Profile  Visit dreamcatchers's Homepage  Reply with Quote
I paid VPASP to upgrade my site to V6.5 I recently have been getting numerous SQL injection attacks.

The source of the problem it turned out to be helpdesp software from ihelpdesk21. Now called Quadrcore. THey have many custom sql commands which resulted in SQL in jection in Customer, Products, Reviews, Content, and most Helpdesk tables.

With the help of VPASP support I am getting the database cleaned up and have deleted the Helpdesk software.

***** NOTE *****
Adding un-proven tools such as ihelpdesk to your ecommerce system may result in the destruction of your we site and loss of many customers.

Ramon Smitherman

Edited by - dreamcatchers on January 21 2010 17:50:11
Go to Top of Page


4284 Posts

Posted - January 04 2010 :  03:28:48  Show Profile  Visit support's Homepage  Reply with Quote
Hi Ramon,

The software itself is secure. If you have custom code though there is a good chance this is not secure as it needs to be written in such a way as to ensure injections cannot be made.

You also need to ensure that you have the latest security patches applied.

If you want us to have a look for you please submit a ticket in our online helpdesk at:



VPASP Support
Go to Top of Page

Senior Member

United Kingdom
1898 Posts

Posted - January 04 2010 :  03:30:32  Show Profile  Visit devshb's Homepage  Reply with Quote
your best bet would be to firstly make sure you're fully patched, and then if you still get injected look at the raw log files (or run mcafee site-checker) to see how they're getting in. Chances are it's via an unpatched file or a customisation.
You can't stop people from trying to attack the site, but by using patches and safe customisations it should stop attackers from being able to inject anything.
Keeping up to date with patches is probably the most critical point.

Simon Barnaby
[email protected]
Web Design, Online Marketing and VPASP addons
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000